Over 40,000 Cisco IOS XE devices infected with backdoor using zero-day
2023-10-20 01:08

More than 40,000 Cisco devices running the IOS XE operating system have been compromised after hackers exploited a recently disclosed maximum severity vulnerability tracked as CVE-2023-20198.

Initial estimates of breached Cisco IOS XE devices were around 10,000, and the number started growing as security researchers scanned the internet for a more accurate figure.

Using the same verification method from Cisco, the private CERT from Orange announced on Wednesday that there were more than 34,500 Cisco IOS XE IP addresses with a malicious implant as a result of exploiting CVE-2023-20198.

A precise number of Cisco IOS XE devices reachable over the public internet is difficult to obtain, but Shodan shows a little over 145,000 hosts, most of them in the U.S. Below is a screenshot with Shodan results for Cisco devices that have their Web UI accessible over the internet, using a query from Simo Kohonen, the CEO of cybersecurity company Aves Netsec.

Security researcher Yutaka Sejiyama also searched Shodan for Cisco IOS XE devices vulnerable to CVE-2023-20198 and found close to 90,000 hosts exposed on the web.


News URL

https://www.bleepingcomputer.com/news/security/over-40-000-cisco-ios-xe-devices-infected-with-backdoor-using-zero-day/

Related Vulnerability

Date: 2023-10-16
CVE: CVE-2023-20198
Vulnerability title: Unspecified vulnerability in Cisco IOS XE
Description: Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software.
Risk: critical, 10.0 (network, low complexity; vendor: cisco)

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cisco 4428 230 3115 1863 609 5817